CVE-2018-16655
Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php. Date published : 2018-09-07 https://github.com/lengjibo/lengjibo.github.io/blob/master/gxlcms/index.html https://lengjibo.github.io/gxlcms/
Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1. Date published : 2018-09-07 https://bitbucket.org/zurmo/zurmo/issues/441
rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter. Date published : 2018-09-07 https://github.com/ZBWACD/CodeAudit/blob/master/rejucms_v2.1%20%20xss1
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. Date published : 2018-09-07 https://www.phpmyfaq.de/security/advisory-2018-09-02
phpMyFAQ before 2.9.11 allows CSRF. Date published : 2018-09-07 https://www.phpmyfaq.de/security/advisory-2018-09-02
A command injection in ps package versions
PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attackers to cause a denial of service (web-interface change) via an inverted comma. Date published : 2018-09-07 https://googlequeens.com/2018/09/04/cve-2018-16454-currency-converter-script-2-0-5-has-buffer-overflow
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in libwpfilemanager.php. Date...
Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter. Date published : 2018-09-07 http://www.securityfocus.com/bid/107416 https://www.exploit-db.com/exploits/45342/
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024. Date...
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable by...
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file...
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03. Date published : 2018-09-07 https://www.kone.com/en/vulnerability.aspx http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01. Date published : 2018-09-07 https://www.kone.com/en/vulnerability.aspx http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html